The FBI recently issued a Flash Alert to Fortinet Fortigate users that Advanced Persistent Threat (APT) groups are continuing to exploit devices that have not been patched. Although Fortinet issued patches for these vulnerabilities in 2018, 2019, and 2020, many organizations have not applied the patches.
The exploitations are random, not against specific industries or
IT professionals leave room in their schedules for Microsoft’s monthly Patch Tuesday just as I leave room in my schedule every Wednesday night for blog writing. This month’s Patch Tuesday was light on patches compared to other months, but includes six that are designed to patch zero day-related vulnerabilities, four of which are relevant to
In an unusual and exciting twist to the Colonial Pipeline ransomware attack, the Department of Justice (DOJ) announced this week that it was able to retrieve $2.3 million of the $4.4 million paid by Colonial Pipeline to DarkSide by seizing the wallet, and thus “preventing Darkside actors from using it.”
Way to go DOJ and
Ever since the enactment of the Illinois Biometric Information Privacy Act (BIPA), we have been watching the development of laws around the collection, use, disclosure and retention of biometric information. In general, BIPA and other biometric information privacy laws enacted since BIPA, require any company that is collecting biometric information, such as fingerprints, voice recognition,
It has been reported by Bloomberg Law that the Colonial Pipeline ransomware attack was caused by a “single compromised password.” The Colonial Pipeline ransomware attack had consumers hoarding gasoline and disrupted distribution of gas along the east coast. One single compromised password.
Colonial Pipeline paid $4.4 million in ransom following the attack, although the Department
Since the Colonial Pipeline and JBS meat manufacturing security incidents, attention is finally being paid to the cybersecurity vulnerabilities of critical infrastructure in the U.S. and in particular, the potential effect on day to day life and national security if large and significant manufacturers’ production are disrupted. In the wake of these recent incidents in
The City of Tulsa, Oklahoma, announced on May 9, 2021, that it had been hit with a ransomware attack, but the Mayor is resolute in not paying the demanded ransom. Although “all of our computer systems—with a few exceptions—are down right now,” the Mayor has stated that he will “not pay a nickel” to the
Colonial Pipeline was hit with a proposed class action suit this week by a resident of North Carolina who alleges that he had to purchase gasoline at inflated prices due to the “unlawfully deficient data security” of Colonial, which allowed a ransomware attack to shut a pipeline down.
According to allegations in the suit, the
The Office for Civil Rights (OCR) this week announced a settlement with Peachstate Health Management LLC (aka AEON Clinical Laboratories) following a compliance review that uncovered alleged violations of HIPAA.
The settlement includes a $25,000 payment to OCR by Peachstate, a corrective action plan, and three years of monitoring by OCR.
OCR initiated a compliance
When I conduct employee education sessions on data privacy and cybersecurity, I am often surprised that employees are unaware that their employers are legally able to monitor their use of company assets, and that employers are indeed doing just that. Although some might find this creepy, if an employee is using an employer’s laptop, network